Comprehensive and Detailed Explanation From the ACFE Financial Transactions and Fraud Schemes Manual

The ACFE Fraud Examiners Manual (2020 International Edition), under the section on Information Security in Electronic Commerce Systems, describes the three primary security goals that must be achieved to protect users and account holders:

Confidentiality

Integrity

Availability

These three goals form the cornerstone of information system protection and are often referred to as the CIA triad.

1. Confidentiality

Confidentiality ensures that sensitive information is accessible only to authorized individuals. The Manual highlights that e-commerce systems must protect customers’ personal and financial data from unauthorized access.

2. Integrity

Integrity requires that the information in the system is accurate and has not been improperly altered. This prevents fraudulent manipulation of records, transactions, and account balances.

3. Availability

Availability ensures that systems and data are accessible to authorized users when needed. This includes preventing disruptions caused by system failures, denial-of-service attacks, or internal sabotage.

These three goals are explicitly documented in the ACFE Manual as essential security requirements for safeguarding electronic financial systems.

Why Option C is the Correct Answer

“Penetrability of data” is NOT an information security goal.

In fact, it is the opposite of what an information security framework seeks to achieve. No section of the ACFE Manual identifies "penetrability" as a required or legitimate objective. Instead, systems should be resistant to penetration attempts.

Thus, Option C does not belong to the CIA model or any ACFE-described security framework.

ACFE Manual Reference

These concepts are covered in the Financial Transactions and Fraud Schemes section discussing information security objectives for e-commerce environments, which identifies confidentiality, integrity, and availability as the foundational goals of secure systems.